Python gnupg (GPG) example
python-gnupg is a Python package for encrypting and decrypting strings or files using GNU Privacy Guard (GnuPG or GPG). GPG is an open source alternative to Pretty Good Privacy (PGP). A popular use of GPG and PGP is encrypting email. For more information, see the python-gnupg documentation. Another option for encrypting data from Python is keyczar.
Install¶
This installs the Ubuntu GPG package, creates a test user, and installs the Python package, python-gnupg. This was installed on Ubuntu 10.10 Maverick Meerkat.
$ sudo apt-get install gnupg
$ sudo adduser testgpguser
$ sudo su testgpguser
$ cd
$ virtualenv --no-site-packages venv
$ source venv/bin/activate
$ pip install python-gnupg
Generate a key¶
This creates a GPG key. This also creates the gpghome directory if it does not exist. You may need to supply random hardware activity during the key generation. See the docs for more information. To generate random numbers, you can also install the rng-tools package.
$ sudo apt-get install rng-tools
import os
import gnupg
os.system('rm -rf /home/testgpguser/gpghome')
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
input_data = gpg.gen_key_input(
name_email='[email protected]',
passphrase='my passphrase')
key = gpg.gen_key(input_data)
print key
B0F4CF530036CE8CD1C064F17D32CEE72C015CD5
Export keys¶
import gnupg
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
ascii_armored_public_keys = gpg.export_keys(key)
ascii_armored_private_keys = gpg.export_keys(key, True)
with open('mykeyfile.asc', 'w') as f:
f.write(ascii_armored_public_keys)
f.write(ascii_armored_private_keys)
(venv)testgpguser@mymachine:~$ cat mykeyfile.asc -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.10 (GNU/Linux) mI0ETqrVGAEEAP42Xs1vQv40MxA3/g/Le5B0VatnDYaSvAhiYfaub79HY4mjYcCD FPDo5b54PSzyhlVsz5RL46+RE9NpQ2JdvFofWi7eVzfdmmTtNYEaiUSmzLUq73Vz qu7P1RhOfwuAyW0otnw/Lw54MVjVZblvp3ln1Fcpleb9ZSrY1h61Y8pHABEBAAG0 REF1dG9nZW5lcmF0ZWQgS2V5IChHZW5lcmF0ZWQgYnkgZ251cGcucHkpIDx0ZXN0 Z3BndXNlckBteWRvbWFpbi5jb20+iLgEEwECACIFAk6q1RgCGy8GCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAAoJEH0yzucsAVzVBjwD/1KgTx1y3cpuumu1HF0GtQV0 Wn7l9OaSj98CqQ/f2emHD1l9rrjdt9jm1g7wSsWumpKs57vxz7NXwHw7mI4qZ5m0 cvg/qRc/BBMP8v2WgzRsmls97Pplaate1k3QfvDCVs6F1qiIQyELffjxBHbmWPhx XEwhnpLcvk2l7NbNnEwA =exDD -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1.4.10 (GNU/Linux) lQH+BE6q1RgBBAD+Nl7Nb0L+NDMQN/4Py3uQdFWrZw2GkrwIYmH2rm+/R2OJo2HA gxTw6OW+eD0s8oZVbM+US+OvkRPTaUNiXbxaH1ou3lc33Zpk7TWBGolEpsy1Ku91 c6ruz9UYTn8LgMltKLZ8Py8OeDFY1WW5b6d5Z9RXKZXm/WUq2NYetWPKRwARAQAB /gMDAq5W6uxeU2hDYDPZ1Yy+e97ppNXmdAeq1urZHmiPr4+a36nOWd6j0R/HBjG3 ELD8CqYiQ0vx8+F9rY/uwKga2bEkJsQXjvaaZtu97lzPyp2+avsaw2G+3jRAJWNL 5YG4c/XwK1cfEajM23f7zz/t6TRWG+Ve2Dzi7+obA0LuF8czSlpiTTEzLDk8QJCK y2WmrZ+s+POWv3itVpI26o7PvTQESzwyKXdyCW2W66VnXTm4mQEL6kgyV0oO6xIl QUVSn2XWvwFMg2iL+02zA467rsr1x6Nl8hEQJgFwJCejD2z+4C4yzEeQGFP9WUps pbMedAjDHebhC9FzbW7yuQ3H7iTCK1mvidAFw2wTdrkH61ApzmSo/rSTSxXw7hLT M/ONgYZtvr+CpJj+mIu1XvVDiftvMhXlwcvM8c9PB3zv+086K7kJDTnzPgYvL0H/ +V2b9X9BBfAax40MQuxZJWseaLtsxXyl/rhn8jSCFZoqtERBdXRvZ2VuZXJhdGVk IEtleSAoR2VuZXJhdGVkIGJ5IGdudXBnLnB5KSA8dGVzdGdwZ3VzZXJAbXlkb21h aW4uY29tPoi4BBMBAgAiBQJOqtUYAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIX gAAKCRB9Ms7nLAFc1QY8A/9SoE8dct3KbrprtRxdBrUFdFp+5fTmko/fAqkP39np hw9Zfa643bfY5tYO8ErFrpqSrOe78c+zV8B8O5iOKmeZtHL4P6kXPwQTD/L9loM0 bJpbPez6ZWmrXtZN0H7wwlbOhdaoiEMhC3348QR25lj4cVxMIZ6S3L5NpezWzZxM AA== =v9Z7 -----END PGP PRIVATE KEY BLOCK-----
Import keys¶
import gnupg
from pprint import pprint
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
key_data = open('mykeyfile.asc').read()
import_result = gpg.import_keys(key_data)
pprint(import_result.results)
[{'fingerprint': u'B0F4CF530036CE8CD1C064F17D32CEE72C015CD5',
'ok': u'0',
'text': 'Not actually changed\n'},
{'fingerprint': u'B0F4CF530036CE8CD1C064F17D32CEE72C015CD5',
'ok': u'16',
'text': 'Contains private key\nNot actually changed\n'}]List keys¶
import gnupg
from pprint import pprint
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
public_keys = gpg.list_keys()
private_keys = gpg.list_keys(True)
print 'public keys:'
pprint(public_keys)
print 'private keys:'
pprint(private_keys)
public keys:
[{'algo': u'1',
'date': u'1319818520',
'dummy': u'',
'expires': u'',
'fingerprint': u'B0F4CF530036CE8CD1C064F17D32CEE72C015CD5',
'keyid': u'7D32CEE72C015CD5',
'length': u'1024',
'ownertrust': u'u',
'trust': u'u',
'type': u'pub',
'uids': [u'Autogenerated Key (Generated by gnupg.py) ']}]
private keys:
[{'algo': u'1',
'date': u'1319818520',
'dummy': u'',
'expires': u'',
'fingerprint': u'B0F4CF530036CE8CD1C064F17D32CEE72C015CD5',
'keyid': u'7D32CEE72C015CD5',
'length': u'1024',
'ownertrust': u'',
'trust': u'',
'type': u'sec',
'uids': [u'Autogenerated Key (Generated by gnupg.py) ']}] Encrypt a string¶
import gnupg
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
unencrypted_string = 'Who are you? How did you get in my house?'
encrypted_data = gpg.encrypt(unencrypted_string, '[email protected]')
encrypted_string = str(encrypted_data)
print 'ok: ', encrypted_data.ok
print 'status: ', encrypted_data.status
print 'stderr: ', encrypted_data.stderr
print 'unencrypted_string: ', unencrypted_string
print 'encrypted_string: ', encrypted_string
ok: True status: encryption ok stderr: [GNUPG:] BEGIN_ENCRYPTION 2 9 [GNUPG:] END_ENCRYPTION unencrypted_string: Who are you? How did you get in my house? encrypted_string: -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.10 (GNU/Linux) hIwDFuhrAS77HYIBBACXqZ66rkGQv8yE61JddEmad3fUNvbfkhBPUI9OSaMO3PbN Q/6SIDyi3FmhbM9icOBS7q3xddQpvFhwmrq9e3VLKnV3NSmWo+xJWosQ/GNAA/Hb cwF1pOtR6bRHFBkqtmpTYnBo9rMpokW8lp4WxFxMda+af8TlId8HC0WcRUg4kNJi AdV1fsd+sD/cGIp0cAltpaVuO4/uwV9lKd39VER6WigLDaeFUHjWhJbcHwTaJYHj qmy5LRciNSjwsqeMK4zOFZyRPUqPVKwWLiE9kImMni0Nj/K54ElWujgTttZIlBqV 5+c= =SM4r -----END PGP MESSAGE-----
Decrypt a string¶
import gnupg
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
unencrypted_string = 'Who are you? How did you get in my house?'
encrypted_data = gpg.encrypt(unencrypted_string, '[email protected]')
encrypted_string = str(encrypted_data)
decrypted_data = gpg.decrypt(encrypted_string, passphrase='my passphrase')
print 'ok: ', decrypted_data.ok
print 'status: ', decrypted_data.status
print 'stderr: ', decrypted_data.stderr
print 'decrypted string: ', decrypted_data.data
ok: True status: decryption ok stderr: [GNUPG:] ENC_TO 16E86B012EFB1D82 1 0 [GNUPG:] USERID_HINT 16E86B012EFB1D82 Autogenerated Key (Generated by gnupg.py)[GNUPG:] NEED_PASSPHRASE 16E86B012EFB1D82 16E86B012EFB1D82 1 0 [GNUPG:] GOOD_PASSPHRASE gpg: encrypted with 1024-bit RSA key, ID 2EFB1D82, created 2011-11-02 "Autogenerated Key (Generated by gnupg.py) " [GNUPG:] BEGIN_DECRYPTION [GNUPG:] PLAINTEXT 62 1320545729 [GNUPG:] PLAINTEXT_LENGTH 41 [GNUPG:] DECRYPTION_OKAY [GNUPG:] GOODMDC [GNUPG:] END_DECRYPTION decrypted string: Who are you? How did you get in my house?
Encrypt a file¶
import gnupg
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
open('my-unencrypted.txt', 'w').write('You need to Google Venn diagram.')
with open('my-unencrypted.txt', 'rb') as f:
status = gpg.encrypt_file(
f, recipients=['[email protected]'],
output='my-encrypted.txt.gpg')
print 'ok: ', status.ok
print 'status: ', status.status
print 'stderr: ', status.stderr
ok: True status: encryption ok stderr: [GNUPG:] BEGIN_ENCRYPTION 2 9 [GNUPG:] END_ENCRYPTION
(venv)testgpguser@mymachine:~$ cat my-encrypted.txt.gpg -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.10 (GNU/Linux) hIwDfTLO5ywBXNUBBADo7trFZUD6Ir1vPRAJsoQXDiiw32N1m9/PXWCnQqX0nyzW LfluNMfLFQRclNPVEg+o91qhS71apKvagp8DW7SCDE2SdCYk8nAS3bwAg5+GUyDs XY2E6BQ1cLA1eK1V6D15ih6cq0laRzWuFkehH9PQ5Yp4ZZOmCbopw7dufnYPjdJb AVGLpZRq64SuN1BUWIHbO7vqQGFq7qhGQwuegblEMm4vyr6FBW6JA/x4G/PMfImZ 1cH6KBrWGWrLCTiU/FKG9JvOm8mg8NXzd/TVjPs6rHRaKPFln37T7cLUwA== =FSQP -----END PGP MESSAGE-----
Decrypt a file¶
import gnupg
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
with open('my-encrypted.txt.gpg', 'rb') as f:
status = gpg.decrypt_file(f, passphrase='my passphrase', output='my-decrypted.txt')
print 'ok: ', status.ok
print 'status: ', status.status
print 'stderr: ', status.stderr
ok: True status: decryption ok stderr: [GNUPG:] ENC_TO 16E86B012EFB1D82 1 0 [GNUPG:] USERID_HINT 16E86B012EFB1D82 Autogenerated Key (Generated by gnupg.py)[GNUPG:] NEED_PASSPHRASE 16E86B012EFB1D82 16E86B012EFB1D82 1 0 [GNUPG:] GOOD_PASSPHRASE gpg: encrypted with 1024-bit RSA key, ID 2EFB1D82, created 2011-11-02 "Autogenerated Key (Generated by gnupg.py) " [GNUPG:] BEGIN_DECRYPTION [GNUPG:] PLAINTEXT 62 1320546031 [GNUPG:] PLAINTEXT_LENGTH 32 [GNUPG:] DECRYPTION_OKAY [GNUPG:] GOODMDC [GNUPG:] END_DECRYPTION
(venv)testgpguser@mymachine:~$ cat my-decrypted.txt You need to Google Venn diagram.
Comments
and Can you encrypt data with your private key and send it to a friend? then Can he decrypt the data with your public key?
Although the basic GnuPG program has a command line interface, there exist various front-ends that provide it with a graphical user interface. For example, GnuPG encryption support has been integrated into KMail and Evolution, the graphical e-mail clients found in KDE and GNOME, the most popular Linux desktops. There are also graphical GnuPG front-ends (Seahorse for GNOME, KGPG for KDE). For Mac OS X, the Mac GPG project provides a number of Aqua front-ends for OS integration of encryption and key management as well as GnuPG installations via Installer packages
Was struggling with PyCrypto's DES3 CBC stuff, this just makes my task cake!
Thanks for illustrating almost every use-case!
If you run this code you may have a small error :
execv() arg 2 must contain only strings
Then you just have to convert the key in string with str(key)
disqus:1892899375
I had the same issue.
disqus:2077578307
Nice article.
Thanks.
http://computersecuritypgp....
disqus:2244577200
after i import the public key, when i try to encrypt the file, it as "are you sure you trust this key?" how can i have it import and trust it all at once?
for example:
It is NOT certain that the key belongs to the person named
in the user ID. If you really know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N)
disqus:2485573986
how do you send an encrypted email ?
disqus:2764408888
Hi, If I attempt to run encrypt file part of the code I keep getting:
AttributeError: 'tuple' object has no attribute 'ok'
disqus:3634985919
